A critical security issue affecting AI systems has been resolved after researchers discovered vulnerabilities in ChatGPT and Codex that could have exposed sensitive user data and developer credentials.
ChatGPT Flaw Enabled Covert Data Exfiltration
Researchers from Check Point uncovered a previously unknown weakness in ChatGPT that allowed hidden data exfiltration without user awareness.
The flaw made it possible for a single malicious prompt to silently extract:
- User conversations
- Uploaded files
- Sensitive session data
This vulnerability exploited a hidden communication channel within the Linux execution environment used by the AI for code processing.
DNS-Based Side Channel Bypassed Security Controls
Instead of using direct network requests, the attack relied on a covert DNS-based mechanism. Data was encoded into DNS queries, effectively bypassing built-in safeguards designed to prevent unauthorized data transmission.
Because the system assumed the execution environment was isolated, it failed to recognize this activity as external communication. As a result:
- No alerts were triggered
- No user permission was requested
- Data transfer remained invisible
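An added example (not from the original article or from Check Point's research) of independent monitoring over resolver logs from a code-execution sandbox: it flags parent zones that receive several long, high-entropy subdomains, the pattern left when data is encoded into DNS queries. The thresholds, function names, and sample query names are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Thresholds are assumptions for illustration; tune against your own resolver logs.
MAX_LABEL_LEN = 40   # DNS allows 63, but benign labels are rarely this long
MIN_SUB_LEN = 20     # ignore short subdomains such as "www" or "api"
MIN_ENTROPY = 3.5    # bits per character; encoded payloads score high
MIN_UNIQUE = 3       # distinct suspicious subdomains under one parent zone

def shannon_entropy(s):
    """Bits per character of s."""
    if not s:
        return 0.0
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def split_name(qname):
    """Naive (subdomain, parent zone) split on the last two labels.
    Assumption: real deployments would use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def is_suspicious(qname):
    sub, _ = split_name(qname)
    if not sub:
        return False
    if max(len(label) for label in sub.split(".")) > MAX_LABEL_LEN:
        return True
    return len(sub) >= MIN_SUB_LEN and shannon_entropy(sub.replace(".", "")) >= MIN_ENTROPY

def find_exfil_zones(queries):
    """Parent zones that received MIN_UNIQUE or more distinct suspicious names."""
    hits = defaultdict(set)
    for qname in queries:
        if is_suspicious(qname):
            sub, zone = split_name(qname)
            hits[zone].add(sub)
    return sorted(zone for zone, subs in hits.items() if len(subs) >= MIN_UNIQUE)

# Constructed sample of query names from a sandbox resolver log (not from the report).
SAMPLE_QUERIES = [
    "pypi.org.", "files.pythonhosted.org.", "api.github.com.",
    "static-assets-cdn-eu-west-1.cdn.example.net.",  # one long name alone never flags a zone
    "mzxw6ytboi4tgnbvgy3tqojqmfrggzdfmztwq2lk.collector.example.",
    "onsxg43jn5xc25dpnnsw4orainrwk5dfon2gk3tu.collector.example.",
    "obqxg43xn5zgiorainuhk3tumvzdeijanfxgm33s.collector.example.",
]

if __name__ == "__main__":
    print(find_exfil_zones(SAMPLE_QUERIES))
```

Grouping by parent zone before alerting keeps a single long CDN or cloud hostname from raising a finding, while a run of distinct encoded labels under one zone does.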
Prompt Injection Amplifies Risk
Attackers could exploit this flaw by tricking users into entering malicious prompts disguised as helpful instructions, such as unlocking premium features or improving performance.
The risk becomes even more severe when such logic is embedded within custom GPTs, removing the need for direct user manipulation.
OpenAI addressed the issue on February 20, 2026, following responsible disclosure. There is currently no evidence of real-world exploitation.

Growing Concerns Around AI Security
As AI platforms become more integrated into enterprise environments, the exposure of sensitive data through such vulnerabilities highlights the need for additional security layers.
Experts emphasize that organizations should not rely solely on built-in protections but must implement independent monitoring and defenses against prompt injection and unexpected AI behavior.
Malicious Browser Extensions Add to the Threat
In a related development, threat actors have been distributing browser extensions capable of silently collecting AI chatbot interactions.
These extensions can lead to:
- Identity theft
- Targeted phishing campaigns
- Exposure of confidential business data
This underscores the risks posed by seemingly harmless add-ons in modern AI-driven workflows.
Codex Vulnerability Allowed GitHub Token Theft
Another major issue was identified in OpenAI Codex by researchers at BeyondTrust.
The flaw involved a command injection vulnerability that allowed attackers to execute arbitrary commands through improperly validated input.
Exploitation via GitHub Branch Name
The vulnerability existed in how Codex processed GitHub branch names during task creation. Attackers could inject malicious commands into the branch name parameter of an HTTP request.
This enabled them to:
- Execute code within the Codex container
- Steal GitHub user access tokens
- Gain read and write access to repositories
By referencing Codex in pull request comments, attackers could trigger automated code review processes, causing the malicious payload to execute and send data back to an external server.

Broad Impact Across Tools
The vulnerability affected multiple Codex-related components, including:
- ChatGPT web interface
- Codex CLI and SDK
- Codex IDE extension
OpenAI patched the issue on February 5, 2026, after it was responsibly disclosed in December 2025.
AI Agents Expand the Attack Surface
Security researchers warn that AI-powered development tools introduce new risks due to their deep integration and elevated permissions.
If compromised, these systems can provide attackers with scalable access to enterprise environments without triggering traditional defenses.


